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5/5/1 (Item 1 from file: 347) 

DIALOG (R) File 347:JAPIO 

(c) 2004 JPO & JAPIO. All rts. reserv. 

07015478 **Image available** 

RECORD MEDIUM AND ITS ACCESS CONTROL METHOD 



PUB. NO. : 
PUBLISHED: 
INVENTOR (s) : 
APPLICANT (s) 
APPL. NO. : 
FILED: 
INTL CLASS: 



2001-243106 [JP 2001243106 A] 
September 07, 2001 (20010907) 
OGAKE MITSURU 
RICOH CO LTD 

2000-050394 [JP 200050394] 
February 28, 2000 (20000228) 

G06F-012/00; G06F-003/06; G06F-012/14; G06F-017/30; 
G11B-020/10 



ABSTRACT 

PROBLEM TO BE SOLVED: To provide a record medium that can only be accessed 
by a identified user under an environment of general medium usage like a 
personal computer. 

SOLUTION: The access method provides two types of root directories. 

One is a root directory 1 c to show only the information that the root 
directory exists and the other is the root directory 2 d that contains the 
intrinsic root directory data. A right user can access objective record 
data by accessing the root directory 2 d through a root directory 
arrangement information f but an unauthorized user is made to access the 
root directory information 1 c having only root directory subjected to a 
root directory access information a. 



COPYRIGHT: (C) 2001, JPO 
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DIALOG (R) File 350:Derwent WPIX 
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WPI Acc No: 2003-198971/200319 

XRPX Acc No: N03-158190 

Network device access authentication system for use within distributed 
network e.g. internet, has master directory structure which contains data 
recording personnel who are authorized to access devices in remote data 
centers 

Patent Assignee: KENNEDY P (KENN-I ) 
Inventor: KENNEDY P 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20020162028 Al 20021031 US 2001841008 A 20010425 200319 B 



Priority Applications (No Type Date): US 2001841008 A 20010425 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 20020162028 Al 18 G06F-012/14 



Abstract (Basic) : US 20020162028 Al 

NOVELTY - A master directory structure (102) contains data 
regarding personnel who are authorized to access devices in remote data 
centers (108,110,112). A hub receives directory structure information 
from the master directory structure. Several directory structure copies 
within each remote data center which are accessible by the devices in 
the remote data centers. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) Master directory structure; and 

(2) Method for managing multiple customer accounts. 

USE - For authentication of network device access within a 



distributed network e.g. internet or intranet. 

ADVANTAGE - By providing a single master directory structure, 
all access authorization is based upon the master structure and hence 
the access credentials are readily manageable. Also the centralized 
master structure obviates the need for replicating and updating a 
database containing user identification information and passwords. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
the network device access authentication system. 

Master directory structure (102) 

Remote data centers (108,110,112) 

pp; 18 DwgNo 1/5 

Title Terms: NETWORK; DEVICE; ACCESS; AUTHENTICITY; SYSTEM; DISTRIBUTE; 

NETWORK; MASTER; DIRECTORY; STRUCTURE; CONTAIN; DATA; RECORD; PERSONNEL; 

AUTHORISE; ACCESS; DEVICE; REMOTE; DATA; CENTRE 
Derwent Class: T01 

International Patent Class (Main) : G06F-012/14 
File Segment: EPI 



5/5/3 (Item 2 from file: 350) 

DIALOG (R) File 350: Derwent WPIX 

(c) 2004 Thomson Derwent. All rts. reserv. 
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WPI Acc No: 2002-739750/200280 

XRPX Acc No: N02-582762 

Program product for creating invisible hierarchy in planning system, has 
checking mechanism determines whether any of rules is associated with 
plan segment reference data for creating invisible hierarchy 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC ) 

Inventor: SHUKLA M 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 6456997 Bl 20020924 US 2000548131 A 20000412 200280 B 

Priority Applications {No Type Date): US 2000548131 A 20000412 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 6456997 Bl 11 G06F-017/30 

Abstract (Basic) : US 6456997 Bl 

NOVELTY - A loading mechanism (31) loads a plan segment which is a 
portion plan cube and comprising data, rules and defined hierarchy with 
specific dimension. A checking mechanism (32) determines whether any of 
the rules is associated with the plan segment reference data for 
creating invisible hierarchy which comprises ancestor of defined 
hierarchy. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) Planning system; and 

(2) Invisible hierarchy creation method. 

USE - For creating invisible hierarchy in planning system (claimed) 
such as computerized planning system. 

ADVANTAGE - Enables the planners to access higher level plan 
data for variable calculations, without the need to load entire 
hierarchy and planning cube. 

DESCRIPTION OF DRAWING (S) - The figure shows a client-server 
computer system using the program product. 

Loading mechanism (31) 

Checking mechanism (32) 
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WPI Acc No: 2001-640289/200174 

XRPX Acc No: N01-478718 

Structured digital certificate for verifying entity's identity in 
internet, has cryptograph ical folder containing authorization information 
which is readable only by specific recipient 

Patent Assignee: HEWLETT-PACKARD CO {HEWP ) 

Inventor: CORELLA F 

Number of Countries: 027 Number of Patents: 002 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

EP 1130491 A2 20010905 EP 2000310771 A 20001204 200174 B 

JP 2001237827 A 20010831 JP 2000383141 A 20001218 200174 

Priority Applications (No Type Date) : US 2000483189 A 20000114 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
EP 1130491 A2 E 19 G06F-001/00 

Designated States (Regional) : AL AT BE CH CY DE DK ES FI FR GB GR IE IT 

LI LT LU LV MC MK NL PT RO SE SI TR 
JP 2001237827 A 12 H04L-009/32 

Abstract (Basic): EP 1130491 A2 

NOVELTY - The certificate comprises a primary type of authorization 
information that is relevant to specific recipient and readable by the 
specified recipient. A cryptographic folder contains a secondary type 
of authorization information which is readable by corresponding 
recipient and is not readable by previous recipient. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) Authorization information confidentiality providing method; 

(b) Digital certificate signing method; 

(c) Digital certificate delivery method; 

(d) Digital certificate signature verification method 

USE - For verifying the identity of an entity on data network such 
as internet. 

ADVANTAGE - Since each folder contains authorization information 
for specific relying party, the single structured digital certificate 
is used by multiple relying party. The authorization field is kept 
confidential by placing authorization field in one of cryptographic 
folders and replacing authorization information with cryptographic hash 
of authorization information in other fields. Since all folders 
of digital certificate is closed during digital certificate 
transmission, the time taken to transmit the digital certificate over 
the network is reduced with reduced network traffic and computational 
overhead. 

DESCRIPTION OF DRAWING (S) - The figure shows the block and dataflow 
diagram illustrating delivery of structured digital certificate to 
message recipient from certificate authority. 
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Registration data processor e.g. ECR (electronic cash register), POS 
(point of sale) terminal - has privilege providing component which 
outputs corresponding priviledge e.g. rebate, discount terms on 
predetermined goods to customer, when registered and stored customer 
hierarchy conforms 

Patent Assignee: TOKYO ELECTRIC CO LTD (TODK ) 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

JP 11086141 A 19990330 JP 97239203 A 19970904 199923 B 

Priority Applications (No Type Date) : JP 97239203 A 19970904 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
JP 11086141 A 8 G07G-001/12 

Abstract (Basic) : JP 11086141 A 

NOVELTY - A privilege providing component outputs the privileges 
e.g. rebate, discount terms on predetermined goods assigned to each 
customer, when the registered customer hierarchy and stored customer 
hierarchy conforms. DETAILED DESCRIPTION - A key-pad (4) registers a 
customer hierarchy for every transaction of the customer. A privilege 
memory (7) stores the predetermined customer hierarchy to which the 
registered customer hierarchy is compared. 

USE - None given. 

ADVANTAGE - Assigns privileges to customers individually without 
needing customer card, depending on the hierarchy. Simplifies the 
verification of customer hierarchy by comparison and emits a commercial 
message depending on the hierarchy. DESCRIPTION OF DRAWING (S) - The 
figure shows the exterior perspective diagram of the POS terminal. (4) 
Key-pad; (7) Privilege memory. 
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WPI Acc No: 1998-193110/199817 

XRPX Acc No: N98-152887 

Thresholding mechanism for DP performance monitoring system - includes 
cycle counter activated by memory request signal and deactivated by data 
completion signal with thres holder generating output when cycle counter 
exceeds threshold 

Patent Assignee: INT BUSINESS MACHINES CORP (I BMC ) 

Inventor: DWYER H; LEVINE F E; WELBON E H; WRIGHT C G 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 5727167 A 19980310 US 95422363 A 19950414 199817 B 

US 96654068 A 19960611 

Priority Applications (No Type Date): US 95422363 A 19950414; US 96654068 A 

19960611 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

US 5727167 A 11 G06F-013/00 Cont of application US 95422363 



Abstract (Basic) : US 5727167 A 

The thresholding mechanism includes a memory hierarchy with at 
least one level of cache memory and a main memory processing a memory 
request signal and outputting a data completion signal. A cycle counter 
is activated by the memory request signal to the memory hierarchy and 
deactivated by the data completion signal. A clock coupled to the cycle 
counter increments it an with each clock cycle after it's activation. 

A monitor mode control register stores a variable software settable 
threshold value. A thresholder connected to the cycle counter receives 
an output count value when the cycle counter is deactivated. The 
thresholder compares the threshold value stored in the monitor mode 
control register with the output count value from the cycle counter. 
The thresholder generates an output when the count value exceeds the 
threshold value. An output connected to the event counter for 
generating an output for performance analysis. 

ADVANTAGE - Identifies distribution of access times for all 
levels of memory hierarchy . 
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Derwent Class: T01 

International Patent Class (Main) : G06F-013/00 
File Segment: EPI 
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WPI Acc No: 1996-011130/199601 

XRPX Acc No: N96-009545 

Authorising transactions for distributed currency or purchasing goods and 
services - receiving authorisation request over telephone from remote 
point-of-sale terminal and processing received request using database 
customised to business user to establish business ' s hierarchical 
structure 

Patent Assignee: VISA INT SERVICE ASSOC (VISA-N); VISA INT (VISA-N) 
Inventor: GOODMAN L M; LANGHANS S; SHAPIRO S L; SHAPIRO S 
Number of Countries: 064 Number of Patents: 005 
Patent Family: 

Kind Date Applicat No Kind Date Week 

B 



Patent No 
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WO 
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US 
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US 
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WO 
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A 
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Priority Applications (No Type Date): US 94241106 A 19940511; US 96597050- A 
19960205 

Cited Patents: GB 2118341; US 4727243; US 4812628 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

WO 9531789 Al E 44 G06F-017/60 

Designated States (National) : AM AT AU BB BG BR BY CA CH CN CZ DE DK EE 
ES FI GB GE HU IS JP KE KG KP KR KZ LK LR LT LU LV MD MG MN MW MX NO NZ 
PL PT RO RU SD SE SG SI SK TJ TM TT UA UG UZ VN 

Designated States (Regional) : AT BE CH DE DK ES FR GB GR IE IT KE LU MC 
MW NL OA PT SD SE SZ UG 



US 5500513 
AU 9525459 
US 5621201 

CA 2190154 



A 20 G06F-017/60 

A G06F-017/60 

A 19 G06K-005/00 

C E G06F-017/60 



Based on patent WO 9531789 
Cont of application US 94241106 
Cont of patent US 5500513 
Based on patent WO 9531789 



Abstract (Basic) : WO 9531789 A 



The automated purchasing control method (94) involves receiving an 
authorisation request over the telephone line from a remote 
point-of-sale terminal (98) and processing the request using software 
having a database customised to a corporate user (70) to establish that 
company's hierarchical structure. 

Elements of the hierarchical structure are independently 
reconf igurable, so that a company can specify different hierarchical 
relationships in the software for authorisation, billing and reporting 
purposes. Different authorisation tests can be established for each 
position in a hierarchy , with a particular position being required to 
pass not only its own test, but the test of elements higher in the 
hierarchical tree. 

USE/ADVANTAGE - Automated purchasing control using credit cards in 
large company or corporation. Enables customisation for business 
customer. Allows company's expense and purchasing controls to automated 
and implemented without human intervention using purchasing or credit 
cards . 
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Title Terms: AUTHORISE; TRANSACTION; DISTRIBUTE; CURRENCY; PURCHASE; GOODS; 
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WPI Acc No: 1994-183743/199422 

Related WPI Acc No: 1994-007760 

XRPX Acc No: N94-145038 

File directory structure generator and retrieval tool for computer 
network - has open and save modules in background of application program 
for intercepting control of local processor for display of card for entry 
of data relating to file contents and location in real world hierarchical 
structure 

Patent Assignee: 2010 SOFTWARE CORP (TWOZ-N) ; CAPLAN S D (CAPL-I); 

COHEN-LEVY L (COHE-I); GRAVES A (GRAV-I); SCHMIDT R D (SCHM-I) 
Inventor: CAPLAN S D; COHEN-LEVY L; GRAVES A; SCHMIDT R D 
Number of Countries: 023 Number of Patents: 003 
Patent Family: 



Patent No 
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Date 
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Priority Applications (No Type Date): US 92974555 A 19921112; US 92896514 A 
19920610 

Cited Patents: US 4891785; US 5036484; US 5065347; US 5115504; US 5179718; 

US 5230072; US 5235679; US 5271007 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
WO 9411830 Al E 63 G06F-015/00 

Designated States (National) : AU CA JP KR NO NZ 

Designated States (Regional) : AT BE CH DE DK ES FR GB GR IE IT LU MC NL 
PT SE 

AU 9456047 A G06F-015/00 Based on patent WO 9411830 

US 5423034 A 24 G06F-015/40 CIP of application US 92896514 

Abstract (Basic) : WO 9411830 A 

The file directory structure generator and retrieval tool includes 
a document locator for mapping file directory structure and changing 
network access privileges. An open module in the background of an 



application program intercepts control of a local processor to open a 
file when a command is received. A save module intercepts control of 
the local processor when a command is received to request information 
on a file to be saved. 

The open module displays a card to allow entry of information 
relating to file contents and location. The save module displays a card 
to allow entry of file content and location information. 

ADVANTAGE - Easy to use. Avoids need to leave applications program. 
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Data processing for sorting and correcting postal addresses - using 
contextual predictive keying computer method enabling operator to read 
image of addressee mailing address and type in data to sort mail piece to 
final sorting level at destination post office 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC ) 

Inventor: BORGENDALE K W; ROSENBAUM W S 

Number of Countries: 012 Number of Patents: 003 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

EP 584607 A2 19940302 EP 93112567 A 19930805 199409 B 

EP 584607 A3 19950215 EP 93112567 A 19930805 199540 

US 5734568 A 19980331 US 92933421 A 19920821 199820 



Priority Applications (No Type Date) : US 92933421 A 19920821 
Cited Patents: No-SR.Pub; GB 2106679; US 4739479; US 4921107 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
EP 584607 A2 E 28 B07C-003/20 

Designated States (Regional) : AT BE CH DE ES FR GB IT LI NL SE 
US 5734568 A 24 G06F-017/60 

EP 584607 A3 B07C-003/20 



Abstract (Basic) : EP 584607 A 

The data processing method uses an address kernel determined by the 
system to be either sufficient or not sufficient in accomplishing a 
sorting of the mail piece down to the mechanical final sort level at 
the destination post office. The address kernel may be sufficient for 
the purpose of sorting to a residential neighbourhood having a sparse 
population, but a more densely populated neighbourhood is typically 
subject to a finer sorting using additional lines of the address. A 
rekeying station is provided with access to the final level sorting 
information for all destination postal offices. An address directory 
stored in the host system is organized by addressee records. 

Each record can include data fields for the state, city zip code, 
street name, street number, building floor, company name, and/or office 
number for a postal addressee. In addition, each addressee record 
includes route code information for the destination location. A 
contextual predictive keying computer method interacts with the 
operator to access the addressee records to indicate which combinations 
of the respective data fields in the addressee record will provide the 
unique, sufficient information to sort down to the final sorting level. 

ADVANTAGE - Optimises mail piece address correction sufficient to 



map mail down to carrier walk sequence. Allows min. number of 
keystrokes by operator. 
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Abstract (Basic) : GB 2239333 A 

Access descriptors (24) include an object index (34) for selecting 
an object in the address space, and a rights field (35) specifying the 
permissible operations on a bi-paged object (38) selected by an access 
descriptor. An object table (42) has stored object descriptors for use 
in forming physical addresses to a page table directory object (60). A 
page table (44) is used in forming physical addresses to the paged 
object (38) . Logic compares a page rights field (81) of a page table 
entry and a rights field (62) of a page table directory entry with the 
access type sought and asserts a fault if the access permitted by the 
page rights field is inconsistent with the access type sought. 

A mechanism provides for the implicit deallocation of certain 
objects, to prevent dangling references if access descriptors which 
point to objects with shorter lifetimes are stored in objects with 
longer lifetimes. Special instructions provide a mechanism for the 
amplification or restriction of the rights of access descriptors. 

ADVANTAGE - Accommodates simple to complex addressing structures, 
with access protection at each level of addressing. 
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Abstract (Basic) : GB 2238650 A 

A plant monitor system for displaying a plant parameter value 
comprises protection sensors, each of which generates a first set of 
respective value signals (PI, P2,,,PN) for the parameter and control 
sensors, each of which generates one of a second set respective value 
signals (CI, C2...CN) for the same parameter. A digital processor 
processes all the signals to generate a third set of display signals 
representing the value of each sensor. A fourth display signal is 
composed from the third set of signals to represent the parameter 
value. An operator interface is coupled to the digital processor and 
has display means for selectively displaying numeric values 
representing the third set of display signals and the fourth display 
signal. The digital processor has a logic means for composing the 
fourth signal from the third set of signals by discarding any signs in 



the third set which denate from the average of the third set by more 
than a predetermined amt . . 

USE /ADVANTAGE - Plant monitoring system for a nuclear power plant 
integrates monitors, control and protection information during both 
normal and accident conditions, simplfying the operator's task in 
deciding a suitable course of action and aids rapid asessment. (160pp 
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Abstract (Basic) : EP 340942 A 

The hierarchical data storage system has several levels ranging 
from a fastest access top level through an intermediate level to a 
slowest access bottom level. Each level has an access path independent 
of the access paths to the other levels. A system manager controls 
operations within the system, such operations including generating 
copies of named data objects within the system and locating the same in 
one or more levels. 

Copies of named data objects are migrated between the levels and a 
directory of the current location of each copy of each named data 
object is maintained within the system. Accessibility to data objects 
is provided within the system by name by reference to the directory and 
selection of that copy of a sought named data object to be in fastest 
accesses level, via the independent access path to that level. 
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ABSTRACT 

PURPOSE: To shorten total access time by reducing the generation frequency 
of medium exchange work. 

CONSTITUTION: Hierarchical order is set to respective media (recording 
media) , when accessing data to the media, hierarchical orders are set 
corresponding to the frequency levels of access predicated to these 
data, and this order is managed on a cache managing table. In a fixed time 
cycle, the hierarchical orders of respective data stored on a cache memory 
105 are investigated, and the data with the lowest access frequency are 
written out to the media to which the equal hierarchical order is set. 
Thus, the data with the almost equal access frequency can be recorded for 
each medium, and the generation frequency of medium exchange work inside an 
automatic changer 107 can be decreased. 
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ABSTRACT 

PURPOSE: To attain the protection control of recorded data by 
hierarchically controlling data in a graphic, allocating keys expressing 

the existence of reading, correction and addition rights corresponding 
to data in respective hierarchies , and at the time of generating a 

request, collating respective keys. 

CONSTITUTION: In case of executing an access such as correction and 
addition based upon a processing command from a command input part 1, a 
command processing part 4 successively collates data constituted of a tree 
structure from a protection key on the uppermost layer, repeats processing 
up to the arrival of a layer to be processed by the command processing, and 
if a data layer having no access right exists on the way, suspends the 
processing at that point. At the time of arriving at the command layer, a 



data processing part 5 adds the command processing to the data layer to 

store it in a data part 6. In case of adding new data, data for determining 

the contents of the protection key of the data are extracted from a 

reference value data part 7 and the protection key is allocated to the 
addition data 
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Abstract (Basic) : EP 1349042 A2 

NOVELTY - The contents file includes information related to content 
that can be interpreted by an interpreter. A description tree file 
includes descriptor blocks organized in hierarchical manner. The 
descriptor blocks contain usage rights associated with the 
content . 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for a 
data structure for specifying usage rights. 

USE - For distribution and usage rights enforcement for digitally 
encoded works in publishing and information industry. 

ADVANTAGE - Permits owner of digital work to specify if constraints 
may be imposed on the work. The creator of a work may be assured that 
the rights and fees are not circumvented. 

DESCRIPTION OF DRAWING (S) - The figure shows a flow chart 
illustrating a simple instantiation of the operation of digital work 
organized into acyclic structure. 
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Implementation of universal login through web browser for providing 
remote access to client terminals on electronic networks, involves 
providing remote user with access to client terminal in response to lower 
level credential data input 
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NOVELTY - The method involves providing a remote user with access 
to the user's client terminal environment in response to the input of 
lower level credential information on the web browser by the user, in 
which the lower level credential information provides authorized access 
to the client terminal environment of a particular user through 
directory access protocol. 

DETAILED DESCRIPTION - The method begins by organizing a network 
into a directory tree hierarchical structure using the directory access 
protocol. The hierarchical structure comprises of a lower level having 
at least one client terminal and associated client terminal 
environment with localized software applications. A particular level of 
the hierarchical structure of the network, corresponding to an 
amount of address and credential information entered by the remote 
user, is opened in response to the remote user input from a web 
browser. The credential information includes user identification and 
user password. The user ID and password are then checked against a list 
of user IDs located within the directory tree hierarchical structure 
for a match of the credential information. The user client terminal 
environment is simulated only when the user ID and password match those 
found in the directory tree hierarchical structure. INDEPENDENT CLAIMS 
are included for the following: 

(a) the remote access system to user client terminal environment on 
a network connected to the Internet; and 

(b) the computer program product for implementing remote access to 
user's client terminal environment on a network from a remote data 
processing system. 

USE - For providing remote access to client terminals on electronic 
networks using web browser application and the Internet. 

ADVANTAGE - Ensures improved electronic network in which remote 
access to client terminals is possible. Ensures remote login to a 
client terminal or workstation connected to electronic network using 
web browser application over the Internet and a modified directory 
access protocol. Improves the usability and flexibility of the Internet 
and describes a new and efficient method to allow end users to 
universally login to their workstation or work domain from anywhere in 
the world. 

DESCRIPTION OF DRAWING (S) - The figure shows the high-level logical 
flowchart depicting the process of enabling a client terminal 
simulation on a web page in accordance with a preferred implementation 
of universal login through web browser. 
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Cont of application US 98133497 
Cont of patent US 6389460 

Abstract (Basic): US 20020169818 Al 

NOVELTY - An object storage device stores objects in directories 
, based on object locator associated with the network, and state and 
authorization information. A proxy server (102) connected between user 
terminals and computer network, retrieves requested object from object 
storage device using combination of object locator obtained from 
request together with state and authorization information associated 
with request. 

USE - For data provision system. 

ADVANTAGE - Efficiently and rapidly stores and retrieves data from 
data store and provides an efficient database structure. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
the proxy system. 

Proxy server (102) 
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Paged memory accessing system for memory management in computer system, 
has processor accessing pages in memory through page directory and page 



table entries 

Patent Assignee: INTEL CORP (ITLC ) 
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Number of Countries: 001 Number of Patents: 001 
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Patent No Kind Date Applicat No Kind Date Week 

US 6289431 Bl 20010911 US 9813414 A 19980126 200167 B 
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Patent Details: 
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Abstract (Basic) : US 6289431 Bl 

NOVELTY - A processor accesses pages in memory having different 
page sizes through 4 byte page directory entry (222) and a 
corresponding 4 byte page table entry (232) that store base physical 
address (242) . The page table entry inherits permissions from the 
page directory entry. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
paged memory accessing method. 

USE - For memory management in computer system. 

ADVANTAGE - The processor can access more than 4 gigabytes of 
physical memory, while maintaining 4 kilobyte pages, thus reducing 
modifications to existing operating system. 

DESCRIPTION OF DRAWING (S) - The figure shows 32 bit linear address 
scheme for accessing 4 kilobyte pages in physical memory up to 4 
gigabyte in size. 

4 byte page directory entry (222) 

4 byte page table entry (232) 

Base physical address (242) 
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Copyright information management system for audio and video disk - stores 
intellectual property right data in hierarchical format, which is then 
displayed as real-time serial data 
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Abstract (Basic) : JP 11175618 A 

NOVELTY - The information about intellectual property rights of 
specific stored data is stored as real-time serial data in the 
arbitrary areas of a memory. The hierarchical format of intellectual 
property rights is stored separately. The real-time display about 
the open or ending point of a real-time serial data is carried out 
along with hierarchical data. 



USE - For audio and video magnetic disk in computer. 

ADVANTAGE - As real-time display in correspondence with 
hierarchical data is carried out, designation of specific data is 
simplified. DESCRIPTION OF DRAWING (S) - The figure shows block diagram 
of copyright management system. 
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Directory accessing method in wide area network from computer - involve 
verifying user identification number and matching password to determine 
initial access right to number of directories and locating item to be 
searched by performing a search in number of directories in wide area 
network for item 

Patent Assignee: INTEL CORP (ITLC ) 

Inventor: MURPHY S T 
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Abstract (Basic) : US 5644711 A 

The method involves transmitting a user identification number, a 
matching password and a directory query request from the computer to 
the wide area network. A directory query request requests an item to be 
searched in a number of directories in a wide area network. The user 
identification number and the matching password are verified to 
determine initial access rights to the number of directories. 

The item to be searched is located by performing a search in the 
number of directories in the wide area network for the item once the 
user identification number and matching password are verified for 
initial access to the number of directories. The located item is 
returned to the computer if the user identification number and the 
matching password allow the final access rights to the specific 
directory in the wide area network which contains the located item. 

ADVANTAGE - Restricts directory access to those who have proper 
security access. 
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Protection mechanism preventing unauthorised access to technical system 
resources of numerical machine tool or robot - stores access rights 
within numerical controller using hierarchy of numerical values, and 
determines whether user group value is greater or less than value defined 
for system resource 

Patent Assignee: SIEMENS AG (SIEI ) 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 
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Abstract (Basic) : DE 29604605 U 

The mechanism stores access rights internally within the 
numerical controller using a hierarchy of numerical values (1-5) , 
where a larger number represents more extensive access rights . Users 
or operators (B1-B7) with the same access rights are combined into user 
groups. Different user groups are differently organised hierarchically. 

Machine data of the numerical controller are used to alter which 
user groups have access rights to which technical system resources 
(R1-R9) . Each user or operator has a unique identifier for the 
numerical controller which can be associated with a user group via 
machine data. A mechanism for checking adequate access rights when a 
resource access is attempted performs a comparison to determine whether 
the user group value is greater or less than the value defined for the 
system resource. 

USE/ADVANTAGE - Ensures that groups of users only have access to 
those system resources which they require, e.g. to technical functions 
and data. 
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Data packet routing method e.g. for ATM communication - using packets 

with at least two headers including virtual channel and virtual path 

identifiers for switching and PTN routing control 
Patent Assignee: ALCATEL BUSINESS SYSTEMS LTD (ALCA-N) ; FRANCE TELECOM 

(ETFR ); ALCATEL (COGE ); ALCATEL BUSINESS SYSTEMS (ALCA-N); ALCATEL 

BUSINESS SYSTEMS LTD (COGE ) 
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Abstract (Basic) : EP 689320 A 

The method involves emitting a packet (41) with a virtual channel 
and a virtual path for use on a private network. The virtual channel 
consists of 12 bits with the four msb having a predetermined value. The 
virtual path contains 16 bits with the eight msb storing self-routing 
data. The packet is channelled (42) to a node connected with the PTN. 

The private virtual path is shifted to a reserved zone within the 
header and replaced (43) by a public virtual path. The packet is then 
routed (44) through the PTN to be received at another node of the 
private network. The public virtual path is replaced (45) by a stored 
private virtual path from the zone prior to routing (46) to its 
destination . 

ADVANTAGE - Compatible with all network patterns and combinations 
of patterns. Simple interconnection to sub-networks. Requires small 
memory capacity. Provides automatic self-routing. Data integrity 
maintained. * 
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data processing system e.g. for generating ticket authorisation - uses 
authorisation mechanism which generates corresp authorisation ticket, 
which includes access right of client and is encrypted with encryption 
key derived from password of server 
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Abstract (Basic) : CA 2102743 A 

The system includes client and server mechanisms. The server 
mechanism includes a server resource and an authorisation mechanism. 
The latter includes a directory server for storing and providing 
access rights of the client mechanism to the server resource. 

The client mechanism generates operation requests for operations to 
be performed by the server w.r.t. the server resource. The client 
mechanism generates a request to authorisation mechanism for an 
authorisation ticket to the server resource and the authorisation 
mechanism for authorisation ticket to the server resource and the 
authorisation mechanism responds to a request for an authorisation 
ticket by returning an authorisation ticket contg an identification of 
client . 

USE/ADVANTAGE - For sharing commination connections between client 
and server e.g. for polling of server worker process. Provision for 
compatibility of client and server platforms. Prevention danger of 
potential security problems since all servers must have access to 
directory server to exclude false server against penetration system 
security 
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Integrated circuit card for controlling access to files contained in card 

- has access condition controllers with access key designation table 

indicating which keys require verification 
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Abstract (Basic) : EP 583006 A 

The integrated circuit card includes a processing controller and a 
non-volatile memory. The memory has several files in a hierarchical 
structure. Each file has an access conditions controller relating to 
the level number of the hierarchical structure. A volatile memory has 
several key data fields corresponding to the level numbers. The 
access conditions controller limits the level number. 

Each file contains level number information and parent file 
information. The key data fields obtain the lowest level number of 
common branches in the structure of a selected file and a newly 
selected file. Level information is held in the key field and other 
field information is abandoned. 

USE/ADVANTAGE - Controlling using key referencing data, access to 
several files contained within card. Compatible with hierarchical file 
structure. Maintains file confidentiality. 
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Data sorting circuit for software performance analysis - includes circuit 
having several levels, each having two sets of latches, RAM and digital 
comparator 
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Abstract (Basic) : US 5168567 A 

The data sorting circuit includes a data storage element with an 
input receiving a data item from a data storage element output on an 
immediately preceding level, where the storage element stores the data 
item and provides the data item as an output. A RAM is preprogrammed 
with information regarding the boundaries of the contiguous data ranges 
and defining decision points of a binary tree . The RAM is addressed 
by address data from an immediately preceding level to access a 
stored value and supply the stored value as an output. 

A comparator is coupled to compare the output of the data storage 
element and the output of the RAM and produces an additional address 
bit for a next level. A results storage element has an input to receive 
address data from the immediately preceding level and an output 



providing the address data to the next level. 

USE /ADVANTAGE - For counting occurrence of address calls. Rapid 
operation within large number of data ranges. Requires only linearly 
increasing amount of hardware to monitor exponentially increasing 
number of data ranges. 
Dwg. 1/1 
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Hierarchical cellular static store occupying smaller chip surface - 
reduces read-out circuit complexity with strong row signals delivered by 
cells at critical surface requirement levels 
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Abstract (Basic) : EP 393434 A 

In e.g. a 64K static CMOS random- access memory, the lowest level 
(HO) of the hierarchy contains a single cell, while the next level 
(HI) is an 8 x 8 array with all columns linked to an input/output 
circuit (Dll/0) . 

The third level (H2) has one I/O circuit (D21/0) for each row of 
64-cell elements, and the top level (H3) one per row of 4K memory 
blocks, connected to an amplifier and buffer (V) . 

ADVANTAGE - A more compact store is achieved with faster access 
time, having the peripheral row and column circuits implemented at the 
upper hierarchical levels. (19pp Dwg. No. 2/6 
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Cache storage system for multiprocessor - shares level two cache 
according to priority algorithm and invalidates data until it is updated 
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Abstract (Basic) : EP 348628 A 

The multi-processor system uses main storage and caches. Each 
processor has a cache, which is called a first-level cache, and these 
all interface with a single, second-level, cache, which in turn 
interfaces with the main storage. There is a central directory 
containing only first level cache information. Requests to access 
the second level cache are controlled and assigned priorities by a 
controller. Access by first level caches to the second level one is 
governed by priority on a round robin basis, that is waiting requests 
are serviced in a continuous, circulating sequence. The central 
directory is able to compare the data in the first level caches with 
that in the second, and to inhibit reading from any which is found not 
to be consistent with it. Thus after any modification to the second 
level cache corresponding data in the first is invalid until modified. 

ADVANTAGE - Data organised and consistency maintained. 
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... UNIX file permissions and ownership is set. The following dissects 

the output of a long list: 

* First column: Identifies the type of file and its associated 
permissions . 

* Second column: Indicates the number of links existing for a file or 
a directory; all files except directories register a 1, unless they are 
linked to another file name. 

* Third column: Lists the owner of the file. 

* Fourth column: Identifies group ownership. 

* Fifth. . . 
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...ABSTRACT: lets different types of directory services communicate. A 
Directory Information Tree (DIT) acts as an object-oriented tree with 
strict definitions of what information is stored at each level . 
Directory Access Protocol (DAP) performs communication between X.500 
servers, or Directory System Agents, and Directory User Agents (DUA) . LDAP 
is a simplified version of DAP created. . . 



13/3, K/3 (Item 3 from file: 275) 

DIALOG (R) File 275: Gale Group Computer DB(TM) 
(c) 2004 The Gale Group. All rts. reserv. 

01915608 SUPPLIER NUMBER: 18109725 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

The preferred tree- trimmer ' s tool. (Preferred Systems DS Standard NDS 

Manager) (includes related article on executive summary) (Software 

Review) (Evaluation) 

Kalman, Steve 

LAN Magazine, vll, n4, pl42(5) 
April, 1996 

DOCUMENT TYPE: Evaluation ISSN: 1069-5621 LANGUAGE: English 

RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 4 4 97 LINE COUNT: 00338 

... rights. However, users in other branches of the tree have no such 

default inheritance. To protect against a common mistake, an administrator 
might use a container with those rights as a template to be applied 
against other containers in the same section of the tree . When that 
model is used to create a live tree ("configured," in DS Standard 
terminology), those file system rights will be added, too. 
These templates... 
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. . . directory. ) You can specify that certain files in a directory 

should be suppressed from automatic directory indexes. 

You can also create access-control files for each branch of your 
document tree . These files contain lists of authorization realms that 
will be permitted or denied access to the branch. From what we could see in 
perusing the server documentation, you have roughly as... 



13/3, K/5 (Item 5 from file: 275) 

DIALOG (R) File 275: Gale Group Computer DB(TM) 
(c) 2004 The Gale Group. All rts. reserv. 

01861495 SUPPLIER NUMBER: 17433066 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

All quiet on the NetWare front, (how to secure four weak areas on NetWare 
networks) (Special Report) (Product Support) (Tutorial) 

Runyan, Pete 

LAN Magazine, pl42(6) 

Oct, 1995 

DOCUMENT TYPE: Tutorial ISSN: 1069-5621 LANGUAGE: English 

RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 4 939 LINE COUNT: 00401 

her home directory. This allows the user complete control over a 
personal area. For generic network accounts such as Guest, disallow 
supervisory and Access Control rights in the home directory to contain 
any problems in a single area. Furthermore, concerning users 1 home 
directories , it's also a great idea to restrict the amount of volume space 
a user has access to using either the DSPACE or SYSCON utility. . . 
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Useful but needs modern features. (Opus One's WinMail 1.5c E-mail 

software) (One of 11 evaluations of six E-mail packages in "Lab test 

E-mail packages) (Software Review) (Evaluation) 

PC User, n264, pll6(2) 
July 26, 1995 

DOCUMENT TYPE: Evaluation ISSN: 0263-5720 LANGUAGE: English 

RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 623 LINE COUNT: 00050 

... of the folder -- who the sender is or what the contents are, for 

example it will intercept the mail from the general in-box and store 
it to itself. 

All folders 1 Secretaries have equal rights to an incoming piece 
of mail, so mail can be stored to multiple folders. Popup reminders can 
be set up to alert users about the presence of newly arrived mail. 
Incoming mail has three different colours... 
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most distinguishes it from the freely available HTTP, is its 
extensive permission-setting capabilities, which form the basis of its 
security mechanisms. You can set permissions for every file, directory 
, group of files, or group of directories on your data structure and 
associate them with a wide range of criteria. 

Purveyor accomplishes this through access control, which can be set up 
through four criteria: the type of access... 
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... Properties may include a user's e-mail address or the physical 

location of a printer. 

Root object. The root object is the highest access point to the 
Directory tree. It also allows trustees to be granted rights to the 
entire tree . 

Trustee. Users or groups are granted rights to work with 
directories, files, or objects, and those users are called trustees of 
those directories, files, or objects. Rights flow down the tree structure. 
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... a protected file like /etc/passwd . UNIX file security only applies 

to UNIX applications run through MachTen. MachTen uses a trick to handle 
UNIX file permissions : An invisible file in each directory stores 
the permissions of each enclosed file. This trick works for networked 
clients using a MachTen Server, but it provides little security to local 



users . 

If you want. 
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read, write, and delete rights in the directory where the main 
program lives. Magee does not use Btrieve and uses this fact as a selling 
point . 

Certainly you do not want to expose your users to all possible 
rights in this directory , because you do not want them to delete it. Use 
your good judgement to prevent your users from getting into that directory. 
I don 1 1 . . . 
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... to the contents of subdirectories under the mapped drives. Users' 

rights flow downward, so users with access to a network drive" directory 
have the same rights in its subdirectories. You may not want to give all 
users rights to all root directories . 

* Maintain a log of which files and applications are stored on 
each PC and in which directories they're located. Ifs easy to track 
files on a small network, but as you add users the task becomes more 
difficult. A log will... 
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... Directories, because they are files, share the same permissions. To 



limit access to all the files in a subdirectory, you can change the 
directory's permissions to, say, execute for the owner only. This will 
exclude all other users from that directory and any subdirectories it 
may contain . Permissions are modified by chmod and permission defaults 
for file creation are set by vmask. See figure 3. 

XENIX implements UNIX file name links. A file... 
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... the hard disk (even if LAN Manager is not running), it's necessary 

to log on locally. Even without the Local Security option set, HPFS386 
stores access permissions for each file and directory within the 
file's own extended attributes. This prevents someone from looking at data 
on the disk with standard HPFS. 

UNCOMPLICATED 

INSTALLATION — USUALLY 

Before adding. . . 
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. . . ABSTRACT : tool for managing a wide variety of resources on Novell 
NetWare networks. The program can access up to 12 servers with up to 26 
logically mapped drives each . Administrators can organize server 
directories through a tree-like graphical interface and set user rights . 
Its statistical capabilities include using numerical analysis to gauge the 
efficiency of hard disk drives and depicting the results in a bar graph; 
collecting detailed. . . 
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... to allow access by other users. 

E--Erase. Erase files and subdirectories. Similar to NetWare 286' s 
Delete . 

F — File scan. See the attributes, or rights , associated with 

files . 

S — Supervisory. Grant all rights to the directory and all files 

in it. 
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with any (meaningful) combination of the following permissions for 
a server directory or file resource: None; Create; Delete; Read; Writer- 
Execute; Change attributes and Change permissions . 

Every directory and every file on the server has a set of 
permissions for each user associated with it. It is important to realise 
that the access permissions are associated with the server directories and 
files, in the manner of Novell Netware... 
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... to the authentication mechanism, the identity of the client on the 

other side of the RPC interface. The file server then determines the 
client ! s rights of access to various directories and files by consulting 
the access-control list associated with each directory in the system. 
This list specifies access rights for the directory itself and for all 
the files contained in it. An access-control list is an array of pairs; the 
first item in. . . 
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the transaction. 
Role-based Authorization and Administration 

At installation, both DomainGuard products automatically map all 
resources on the Web server as controllable objects,, letting administrators 

point and click to define read, write or execute rights to specific 
objects or entire portions of the directory tree . 

With DomainGuard Rules, managers can create unambiguous business 
rules for user transactions. Permissions are verified before a Web form 
is delivered to an application server. DomainGuard Rules looks at 
quantities, dollar amounts, part numbers, time of day -- virtually. . . 
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... templates, lengths, duration 

and history. PROTEC 1 s Save Configuration feature allows the system 
administrator to protect each station's hard drive without having to 
reconfigure each node separately. Directory trees 
and ouse support 

allow the system administrator to define permissions for files and 
directories through " point and click. " 

Groups are utilized in PROTEC 4.0 to reduce maintenance and 
administrative time by limiting access to files, directories, drives, 
the computer 1 s . . . 
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leading NDS (Novell Directory Services) , information about the 
network and its users, such as what applications a user requires, desktop 
and configuration preferences and access rights to a computer are all 
stored in the directory . Users experience productivity increase with 
Windows-based desktops that are more reliable, easier network application 
access and quicker IS response. Network administrators spend less time... 
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. . . application, I can assign a user or group read-and-write access at 

the top of the tree or at an organizational unit. The single rights 
assignment then flows down the tree, granting the user those same rights 

to all directory objects below that point in the tree. In essence, 
this feature gives the user or group read-and-write access to the entire 
branch of a tree . 
This same ... 
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... to an object oriented concept that's more like Novell's than what 

Microsoft used to have. 

For example, you can control the properties of entire domain trees 
, set inheritable permissions on containers and even set the site 
topology. All of this new management is made easier by an extensive 
collection of wizards that can guide you through... 
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... scheduling software they use. 

Control Data also showed a meta-directory product, Rialto Global 
Directory Meta Edition. A meta directory acts as a master for all of an 
enterprise's application directories , mapping field equivalencies and 
authorizations , and replicating changes. The Rialto version is scheduled 
to ship in June. It will use an X.500 directory but interoperate with 
proprietary directories that . . . 
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installed, users can run the migration NLM, which takes the data 
from the 3Com server and writes it to the NetWare server. It creates the 
same directory structure for the data, and it establishes the same users 
with the corresponding security rights as the original, sources said. 

Novell would not comment on the migration tool's availability or 
pricing . 

Today, Novell offers pricing incentives for users who. . . 
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TEXT: 

...as authorizing restricted or privileged functions, such as signing 
loan documents, accessing certain computer programs, or foreign-exchange 
trading up to a certain value. The same computer directory that holds 
the individual's identity parameters can also list the privileges she's 
entitled to. I is for the integrity of the message. When you sign a 
contract, you want to be sure all words, graphs... 
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and Net Dynamics, and new Web applications like Oblix IntraPower, 
use LDAP as the means of integrating multiple applications and computing 
environments into a coherent whole . 

A directory is a specialized repository that contains lists of 
system users and their access rights . It also functions as a kind of 
network white pages, giving users a simple way to locate applications, 
print services, and other computing resources. The... 
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errors . 

Multilevel password control can provide an effective segregation of 
incompatible functions where no physical segregation is possible. It can 
restrict employees who share the same computers to specific directories 
, programs, and data files. Stored authorization tables can further 
limit an individual's access to read-only, data input, data modification, 
and data deletion capabilities. While not a substitute for effective... 
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file system—also known as FAT16--and NTFS, a file system which 
allows for long filenames, deep directory trees, and both uppercase and 
lowercase characters. Each file and directory in Windows NTFS contains 
attributes specifying permissions for the owner, group, and the world to 
read, write, and execute. 

The feature set supported on the Windows 95 file system is very 
similar. . . 
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TEXT : 

...NetWare LAN a simple point-and-click operation — you may never 
have to run Novell Inc. 's SYSCON again. LAN Escort automates the task by 
storing a set of defaults for all new users, including directory and 
file access rights , available applications, and printers. 
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... the distributed database called Network Directory Services (NDS) , 

which replaces the bindery database of NetWare 2.x and 3.x. 

MASTERING NDS. While the bindery contains information about users 
and their rights to resources on a single server, NetWare Directory 
Services is a distributed database about the users and resources of an 
entire network of servers. 

When a user seeks access to any network resource... 
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...TEXT: and Net Dynamics, and new Web applications like Oblix IntraPower, 
use LDAP as the means of integrating multiple applications and computing 
environments into a coherent whole . 

A directory is a specialized repository that contains lists of system 
users and their access rights . It also functions as a kind of network 
white pages, giving users a simple way to locate applications, print 
services, and other computing resources. The... 
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...TEXT: determine who is calling you and much more.) 
Common Directory Access Requirements 

In the corporate environment, productivity is significantly improved by 
providing employees with seamless access to all three types of 
directory information: 

* Personal directory information refers to private contact information 
(for example, doctors and dentists, accountants, lawyers, personal 
contacts, etc.), which is usually managed and used by a single person. 

* Enterprise . . . 
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...TEXT: called the Information Control Block, (ICB). One of these 
structures exists for each file and directory, and is at least one sector 
long. Each ICB contains information about one file or directory , such 
as its permissions , and when it was last accessed. The only field 
relevant to our discussion is a collection of pointers, called allocation 
descriptors in the standard, which... 
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...TEXT: network is treated as a single logical entity. Users have only one 
logon procedure to access the NetWare-based network resources to which they 
have rights . 

This concept also holds true for NetWare administrators, who can manage 
network resources at one location — the NDS tree . The NDS tree is a 
distributed, replicated database defining network resource attributes, 
including user accounts, for NetWare. It replaces the bindery, which was a 
flat. . . 
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...ABSTRACT: one at each end of the track and one in the middle. Software 
developed specifically to run under Windows can provide a graphical 
representation of each file, directory , and volume to which the user 
has mapping rights . Also, a librarian function is included to keep 

track of every version of every file saved to tape. QFA operations permit 
the file to be. , , 

. . .TEXT: benefit from an intuitive method of viewing the data on the 
network. Software developed specifically to run under Windows can provide a 
graphical representation of each file, directory and volume to which 
the user has mapping rights in addition, a librarian function is 

included to keep track of every version of every file saved to tape. The 
librarian also provides the capability... 
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...TEXT: Empress tree, the clone is disease resistant and infertile—so it 
can't spread unchecked in the wild and invite customs restrictions. 

Tree Technology Inc. holds the rights to the engineered paulownia, and 
it plans to plant 10,000 acres each year. By the year 2010, Tree 
Technology predicts that the paulownia will be worth at least $116,000 per 
acre . 

OPPORTUNITY 

Be a dealer: The engineered paulownia will be a crucial. . . 
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and Net Dynamics, and new Web applications like Oblix IntraPower, 
use LDAP as the means of integrating multiple applications and computing 
environments into a coherent whole . 

A directory is a specialized repository that contains lists of 
system users and their access rights . It also functions as a kind of 
network white pages, giving users a simple way to locate applications, 
print services, and other computing resources. The... 
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... to an object oriented concept that's more like Novell's than what 

Microsoft used to have. 

For example, you can control the properties of entire domain trees 
, set inheritable permissions on containers and even set the site 
topology. All of this new management is made easier by an extensive 
collection of wizards that can guide you through... 
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justification for a big directory with LDAP access is to make 
public keys available. LDAP, he says, isn't a good fit for directories 
that store information about user privileges . Moskowitz, too, feels 
"no one really understands directories " or knows what one 
directory will use to query the other, "although it won't be LDAP." 
Geoff Baehr, Sun's chief network officer, says the problem with LDAP is... 
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scheduling software they use. 
Control Data also showed a meta-directory product, Rialto Global 
Directory Meta Edition. A meta directory acts as. a master for all of an 
enterprise's application directories , mapping field equivalencies and 

authorizations , and replicating changes . The Rialto version is 
scheduled to ship in June. It will use an X.500 directory but 
interoperate with proprietary directories that... 
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installed, users can run the migration NLM, which takes the data 
from the 3Com server and writes it to the NetWare server. It creates the 
same directory structure for the data, and it establishes the same 
users with the corresponding security rights as the original, sources 
said . 

Novell would not comment on the migration tool 1 s availability or 
pricing . 

Today, Novell offers pricing incentives for users who... 
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FEATURES, FEATURES. 

Both NFS clients now support System 7, and, along with that, support 
for the AppleShare privilege mechanism, which allows you to change the 
permissions on directories contained in mounted volumes. Both clients 
also let different Macs mount the same directories . Previous versions 
of Pathway did not allow this. 

Line termination is an issue with NFS clients. Unix terminates every 
line of a text file with... 
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. . . deleting print queues for one particular group. Is this possible? 

I tried making this user a manager for the group, but he still has 
insufficient rights to delete a print job. I have tried giving this user 
all rights to the directory where the jobs are stored 
(SYS:SYSTEM/XXXXXXXX.QDR) , but still have no luck. This seems like a 
simple function; am I missing something? Thanks for any help. 
If you. . . 
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Text : 

. . . network is treated as a single logical entity. Users have only one 
logon procedure to access the NetWare-based network resources to which they 
have rights . This concept also holds true for NetWare administrators, 
who can manage network resources at one location - the NDS tree . The 
NDS tree is a distributed, replicated database defining network resource 
attributes, including user accounts, for NetWare. It replaces the bindery, 
which was a flat. . . 
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directory (a URL whose last component is the directory 
name) . 

ACCESS Files 

Access to individual files and directories is controlled by a 
configuration file in each source archive directory named 1 ACCESS 1 . 
The ACCESS files contain specifiers for the access rights of elements 
in the corresponding directory (and optionally forthe directory itself 
using the I.' specifier). Specifiers in the ACCESS file override 
specifiers in the mime, types file, Each specifier is... 
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Detailed Description 

. . . B, 53 Server Administration 

The Server Adminstration menu item are the adminstrative functions. See 

the tutorial on- NaviServer for a description. 

B, 5A General (Preferences) 

Contains preferences specific to NaviPress, including whether to load 
remote images with each document, a directory to cache files in, your 
email address, and proxy and name servers. 

B,5,5 Extensions/NUMEE (Preferences) 

Contains a list that associates file name extensions (such as html or 
-gif) with file MIME types. This list is only used by NaviPress when 
opening local files or receiving... 
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grows, the system reduces 
"bottlenecking" that often occurs when users access 
information from a common source. 



In one embodiment, the invention provides a 

mechanism for each level of a hierarchy to access other 

levels , This is done by storing at each level the 
information needed to access repositories at that particular 
level, at higher levels or at lower levels of the 
repository. 

Although the . . . 
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Detailed Description 

... it passes through in the process. Thus, with a single call, a 

FSIterator can be used to collect attributes from every file which has 
the same parent directory . 

Identity is the subject of file manager privileges . An identity can 
either be an individual, or a set of individuals and other sets. 
Identities can be given permission to perform specific actions on 
specific files and directories. 
Privileges specify what an identity can do to a file or a directory. 

Every file and directory has a list of identities and the privileges 
associated 

with those identities. Privilegelterator is mechanism for iterating over 
identity/ privilege pairs for a file or directory. Every volume, 
directory and file has a list associated with it which defines what 
requests on that volume, directory or file are allowed to be performed on 
behalf of particular identities. 



These access control. 



12/3,K/40 (Item 30 from file: 349) 

DIALOG (R) File 34 9:PCT FULLTEXT 

(c) 2004 WIPO/Univentio . All rts. reserv. 

00263661 **Image available** 

FILE DIRECTORY STRUCTURE GENERATOR AND RETRIEVAL TOOL FOR USE ON A NETWORK 
GENERATEUR D'UNE STRUCTURE REPERTOIRE DE FICHIERS ET OUTIL D' EXTRACTION 
UTILISES DANS UN RESEAU 

Patent Applicant /Assignee : 

2010 SOFTWARE CORPORATION, 
Inventor (s) : 

COHEN-LEVY Leon, ' 

GRAVES Aaron, 

CAPLAN Sergio D, 

SCHMIDT Robert D, 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 9411830 Al 19940526 

Application: WO 93US10990 19931112 (PCT/WO US9310990) 

Priority Application: US 92974555 19921112 
Designated States: 

(Protection type is "patent" unless otherwise stated - for applications 
prior to 2004) 

AU CA JP KR NO NZ AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE 
Publication Language: English 
Fulltext Word Count: 15022 

Patent and Priority Information (Country, Number, Date) : 

Patent: . . . 19940526 

Main International Patent Class: G06F-015/00 
International Patent Class: G06F-15:21 ... 

. . . G06F-15:40 

Fulltext Availability: 
Detailed Description 
Claims 

English Abstract 

...19), and a local processor operating according to an operating system 
(8) and an application program. The local memory (18) and the shared 
memory (19) store files in a directory structure. Each file and level 
in the directory structure has network access privileges . The file 
directory structure generator and retrieval tool has a document locator 
module (20) that maps the directory structure of the files stored in the 

Publication Year: 1994 

Detailed Description 

. . . containing a memo can be saved so 

that certain network users can read the memo and other 

network users can edit the memo. Setting a level ! s 
access rights automatically sets the access rights for 
all files and levels hierarchically below that level. A 

network user designated as the supervisor has all access 

rights to all levels and files, in the representative 

embodiment, only the. . . 

Claim 

... a shared 

memory, and a local processor operating according to an 
operating system program and an application program, the 
local memory and the shared memory storing files in a 
directory structure having levels, each file and level in 
the directory structure having network access privileges , 
the local memory and shared memory comprising the highest 
level of the directory structure, the file directory 
structure generator and retrieval tool comprising: 
a document . . . 



.a shared 

memory, , and a local processor operating according to an 
operating system program and an application program, the 
local memory and the shared memory storing files in a 
directory structure having levels, each file and level in 
the directory structure having network access privileges , 
the local memory and shared memory comprising the highest 
level of the directory structure, the file directory 
structure generator and retrieval tool comprising: 
a document . . . 

. a shared 

memory, and a local processor operating according to an 
operating system program and an application program, the 
local memory and the shared memory storing files in a 
directory structure having levels, each file and level in 
the directory structure having network access privileges , 
the local memory and shared memory comprising the highest 
level of the directory structure, the file directory 
structure generator and retrieval tool comprising: 

document locator. . .device 
storing a plurality of files in a directory structure, 
the server comprising a network access program that sets 
and checks a set of-access privileges for each one of the 
plurality of files, each one of the directories in the 

directory structure and each network storage device, the 
network access interface controller comprising: 
an intercept module that intercepts control from the 
applicaiion program without exiting the... 
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Detailed Description 
. . . memories, and 

controllers. The local 



bus may itself be connected via a 



controller to a higher bus, and so on, up the hierarchy. 



The higher level controllers each have access to a 

directory of state information, and are termed director 
controllers. The directory is set- associative and has 
space for state bits for all the d 
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Data Structures and Policies Of File System Implementations 

It is not generally possible to describe file system data structures 
and organization commonly across all file system implementations. The 
general requirements of all file system implementations are common, 
however; and these are that it should be possible to allocate and free 
space for file data and to allocate and free space for any auxiliary data 
describing the layout and characteristics of files and directories in the 
file system. Therefore, for simplicity, an overview of data structures 
and file system space management procedures is given here for the UFS 
file system implementation, but the principles and the invention to be 
detailed apply equally to UFS and to other file system implementations. 
However, to prevent ambiguity, the term UFS will be used to qualify the 
description that applies particularly to the UFS file system 
implementation . 

In the UFS file system the internal representation of a file is given 
by an inode which contains a description of the device layout of the file 
data and other information such as file owner, access permissions , and 
access times. Every file (or directory ) has one inode, but may have 
several names (also called links), all of which map into the same inode. 
When a process creates or opens a file by name, UFS parses each component 
of the file name, checking that the process has the necessary privileges 
for searching the intermediate directories and then retrieves the inode 
for the file. In the case of opening or creating a new file, UFS assigns 
to the file an unused inode. Inodes are stored in the file system and UFS 
reads the needed inodes into an inode table that is maintained in primary 
storage for ease and efficiency of access. 

A file system in UFS is a sequence of logical blocks. The size of a 
logical block is a convenient multiple of the smallest size in which data 
transfer can be performed to secondary storage. 

Each UFS file system includes a number of special blocks, which contain 
file system administrative data, and whose contents are manipulated 
without explicit request from or knowledge of application programs. One 
of them is a superblock, which describes the state of the file system and 
information identifying available inodes and free space (unallocated 
blocks) in the file system. For achieving compact layouts, UFS divides a 
file system into smaller divisions called cylinder groups, and uses 
algorithms that promote allocations of inodes and data blocks from the 
same or neighboring cylinder groups among correlated uses. To protect 
against catastrophic loss of information, the superblock is replicated 
among the cylinder groups. Other blocks containing administrative 
information include blocks that contain bitmaps describing the available 
blocks within each of the cylinder groups, and blocks from which space 
can be used for allocating inodes. 

The blocks that contain file data are reachable from the inode for the 
file by one of three means. The inode itself contains the logical 
addresses for several initial data blocks. In addition, the inode 
contains a few block addresses for "indirect" and "double indirect" 
blocks for large files. The indirect blocks contain addresses of 
additional data blocks for a file and double indirect blocks contain 
addresses of additional indirect blocks that could not be accommodated in 
the inode. 

The kernel allows processes to store new information in files or to 
recall previously stored information. When a process is to access data 
from a file, the data is brought into main storage 11 where the process 
can examine it, alter it, and request that the data be saved in the file 
system again. A process may also create new files and directories, remove 
existing files and directories, or replicate or rename existing files and 
directories. In all cases, as file sizes and file and directory 
populations in a file system change, the auxiliary data that describes 
the file system organization is brought into memory, examined and 
altered, and written to secondary storage. For example, the superblock of 
a file system must be examined when there is a need to allocate a new 
file or inode or to allocate new data blocks, and the superblock must be 
modified when data blocks or inodes are allocated or freed. Similarly, an 
inode describes the layout or data block organization within a file; the 
operating system reads an inode into memory to access its data, and 
writes the inode back to secondary storage when updating the file layout. 
The manipulation of this auxiliary data is done without the explicit 



knowledge or request of a running process. 

If the kernel were to read and write directly to and from disk for all 
file system accesses, then system response time and productivity would be 
poor because of the slow rate of data transfers between disk and memory. 
The file system implementation therefore attempts to minimize the 
frequency of disk accesses by keeping file data and file system 
structural information in the page cache 41, or the buffer cache 40, or 
both the caches. Page cache 41 is generally used for keeping data or code 
that should be directly addressable from a process running in user mode. 
Buffer cache 40, on the other hand, is a pool of memory that is allocated 
to and managed by the file subsystem for storing information that is 
needed by a file system implementation. Commonly, file data are cached in 
the page cache 41, while structural data such as inodes, superblocks, and 
indirect blocks are kept in the buffer cache 40; however, a file system 
implementation may choose to maintain file data in buffer cache, or to 
maintain structural data in the page cache for reasons of policy or 
algorithmic convenience. 
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Conference Title: Proceedings of the Eighth Systems Administration 
Conference (LISA VIII) 

Conference Date: 19-23 Sept. 1994 Conference Location: San Diego, CA, 
USA 

Language: English Document Type: Conference Paper (PA) 
Treatment: Practical (P) 

Abstract: OS upgrades are a headache because after installing a new OS, 
many files and directories need to be modified or created by hand, to 
restore the host's previous (preupgrade) configuration. On the other hand, 
saving entire / and /usr file systems for crash recovery is redundant 
because most files are unchanged, and copies exist on distribution media. 
In addition, restoring from backups after a disk crash is not as easy as an 
OS installation from distribution media because OS installation software 
does not necessarily include utilities to aid in doing so. Difficulties in 
performing OS upgrades and disk crash recoveries are dramatically reduced 
if a complete set of "changes" (a set of changes is called a 
"configuration" in this paper) which have occurred throughout /and/usr can 
be observed and saved. "Change" means: 1) addition and deletion of files 
and directories; 2) modification of the content and status of files and 
directories. Dealing with changes is non-trivial because conventional 
commands such as tar, cpio, and dump cannot handle deletion and cannot 
alter the permissions of a file without restoring its contents. If 
configurations can be stored under a single directory , OS upgrades 
become easier because the configuration can be restored by a simple 
operation after the upgrade. Saving all files in/and/usr, one only needs to 
save changes to those file systems. Easily perceive what the entire 
configuration is and modify merely a part of it. In this paper, the author 
introduces a tool called "OMNICONF", which stores and restores 
"configurations" to and from a specified directory. OMNICONF is implemented 
in 24 00 lines of Perl(l) code, under the concept shown above. (2 Refs) 

Subfile: C 
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organisation; operating systems (computers); system recovery; Unix 
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Abstract: Discusses the hierarchical file system of Unix, exploring its 
security features, and shows you how to use these features to protect your 
files. In Unix, each file, including directories and special files, has 
a set of access permissions associated with it. These access 



permissions determine who can access the file and what type of access is 
allowed. {0 Refs) 
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Language: English Document Type: Conference Paper (PA); Journal Paper 
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Abstract: Twelve subjects from two job categories, sales engineers and 
programmer analysts used an REL ENGLISH database to answer a set of 
questions. These questions were designed to require successively more 
complex interactions. The database contained Hewlett-Packard's Condensed 
Order Records, which were pertinent to the jobs of the sales engineers. All 
of the subjects were given a battery of cognitive tests measuring cognitive 
style and pattern extrapolation skills prior to using the database. They 
also received a brief training session on the structure of the database. 
Analysis of the subjects 1 interactions with the REL ENGLISH database, 
particularly analysis of the errors made, showed: first, that cognitive 
style is significantly correlated with the number of questions 
successfully completed; second, that while sales engineers were able to 
access all levels of the hierarchy in the database, programmer 

analysts had significantly more difficulty accessing data from higher 
levels than they did with data from the same or lower levels than the 
standard, entry level; and third, that programmer analysts had less 
difficulty with the fixed-format, programming-language-like features of REL 
ENGLISH, while sales engineers has less difficulty with the free-format, 
English-like features of REL ENGLISH. These findings suggest that 
quasi-natural language database interfaces are appropriate for 
nonprogrammers who have a field-independent cognitive style and who already 
are domain experts in the area covered by the database. (36 Refs) 
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Copyright (c) 1996 Elsevier Science B.V. All rights reserved. Trees 
are a useful class of computational structures. In parallel processing, 
mapping problems arise when the tree structure differs from the processor 
interconnection of the parallel computer. The MasPar"s MP-2 is a massively 
parallel computer where processors are interconnected via the X-Net 
neighborhood two-dimensional mesh and the global multistage crossbar router 
network. We present novel mapping schemes for trees on the MasPar"s MP-2 
two-dimensional mesh and on the two-dimensional mesh together with the 
MasPar"s MP-2 multistage crossbar network. Appropriate algorithms of the 
mapping scheme on the two-dimensional mesh (or grid) are presented and are 
shown to be superior over known mappings on square arrays (or grids) . 
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English Abstract 

The invention concerns a system for managing computer applications 
security, characterised in that: The computer applications are recorded 
in directory files (Repl, Rep2, Rep31, Rep32, Rep41, Rep42, Rep51, 
Rep52) organised in a tree-like structure with n levels, level 1 
directory (Repl) being the highest level; a number r of security 
registers (R) being attributed each to one single directory and each 
security register (R) containing the set of rights or secrets SI to Sp 
which have been assigned under one directory . 



